Unlock the full potential of Wavestore v6.46 -view our launch presentation today and explore the latest innovations in video management.
For Security Directors, IT Managers, and Facility Leaders
You've invested heavily in your physical security infrastructure — access control panels, door hardware, wiring, and the field devices that tie it all together. Now the pressure is mounting. Leadership wants better reporting. IT is asking about cybersecurity vulnerabilities. And your current access control software is struggling to keep up with the complexity of your operations.
The instinctive response from many vendors? Rip it all out and start fresh.
But that instinct is wrong — and for most organisations, it's unnecessarily expensive, disruptive, and risky.
"Here's what many security directors don't realise: if your infrastructure runs on Mercury Security controllers, you may already own some of the most capable, interoperable hardware in the industry. The problem isn't your controllers. The problem is the proprietary software layer sitting on top of them."
This guide will walk you through how to modernise your security stack — moving to a unified, open-platform software solution — without touching a single controller.
Mercury controllers have been an industry standard for over three decades. With more than 5 million units deployed globally and installations at over 90 of the Fortune 100 companies, Mercury hardware is widely recognised as the backbone of enterprise-grade physical access control. The hardware is not your problem.
The bottleneck is almost always the software platform — specifically, proprietary access control management systems that:
The cost of a full hardware-and-software replacement across a mid-sized enterprise can easily run into hundreds of thousands of pounds or dollars when you factor in panel swaps, re-wiring, data migration, staff retraining, and temporary security gaps during the cutover. And for what? New hardware that may not even outperform what you already have in the ground.
The smarter path is a software-layer upgrade — replacing only the management platform while retaining the Mercury controllers you've already paid for.
Before selecting a new platform or writing a migration plan, conduct a thorough audit of your existing environment.
What to inventory:
Technical considerations:
Output of Phase 1: A complete system map, a compatibility matrix, and a prioritised list of sites or buildings ranked by complexity and migration risk.
With your assessment complete, you can build a realistic migration plan that accounts for operational risk, budget, and internal resources.
This is where the technical depth of your chosen software platform matters most.
A true open platform will communicate with Mercury controllers using the same standard protocols Mercury supports natively: OSDP (Open Supervised Device Protocol) for reader communications, MQTT for IoT-style messaging, and TLS for encrypted transport. The software connects to your controllers over your existing IP network — no new cabling required.
Key integration tasks in this phase:
Avoid the trap of over-integration at launch. Migrating the core access control function first, then layering in integrations in subsequent phases, reduces risk and speeds up the initial go-live.
This is where careful planning pays off. A well-executed phased rollout means that at no point is your entire operation running on an untested configuration.
The recommended approach is a parallel-run model:
Because your Mercury controllers remain in place, each door continues to enforce access control throughout the migration. There is no window where a door is unmanaged.
Once migration is complete, the real work begins: using your new platform to do things your old system simply couldn't.
This typically includes enabling mobile credentials, building automated onboarding and offboarding workflows, activating occupancy analytics, setting up anomaly detection alerts, and integrating with building management systems for energy-aware access scheduling. The Mercury hardware supports all of this — it just needed the right software layer to unlock it.
Example Scenario: Multi-Site Corporate Campus
Organisation: A financial services firm with 1,200 employees across four sites — a headquarters building, two regional offices, and a data centre.
Current state: All sites run Mercury EP and LP series controllers managed by a legacy proprietary platform. The platform is approaching end-of-support and cannot integrate with the firm's new cloud-based HR system.
Migration approach:
Result: Zero controller replacements. Zero unmanaged doors during migration. Full operational continuity throughout the process.
This is the crux of the upgrade decision, and it's worth being direct about what's at stake.
A proprietary access control system ties your hardware and software together in a closed bundle. The vendor controls the firmware on your controllers, the format of your data, the integrations available to you, and the pace of feature development. When you want to add a new capability — say, mobile credentials or a visitor management integration — you are entirely dependent on whether and when that vendor chooses to build it.
Switching software vendors in a proprietary environment typically means replacing hardware too, because proprietary controllers are engineered to work only with that vendor's platform. This is not a technical limitation — it is a deliberate commercial strategy. The high switching cost keeps you renewing licences regardless of whether the product still meets your needs.
An open platform uses published, standardised APIs and protocols to communicate with hardware from multiple manufacturers. For Mercury controllers, this means any software vendor with a Mercury integration can discover, connect to, and manage your existing controllers without modification.
The practical benefits of this architecture are significant:
The contrast is stark. A proprietary system is a walled garden. An open platform is infrastructure you own and control.
It's worth being explicit about why Mercury hardware earns its place in a modernised security stack — because this isn't just about avoiding the cost of replacement.
Industry-standard reliability. Mercury controllers are field-proven across virtually every vertical market, from corporate campuses and healthcare facilities to government buildings and data centres. The hardware is engineered for continuous operation with minimal maintenance requirements.
True open architecture from the hardware up. Mercury's commitment to open architecture isn't a marketing position — it's embedded in the product design. The controllers expose a well-documented API that any software vendor can build against, and Mercury actively maintains a partner programme that brings together dozens of leading software providers. The platform supports OSDP, MQTT, and TLS natively, ensuring compatibility with modern security standards out of the box.
A growing hardware platform. The newest Mercury MP Intelligent Controllers, launched in 2024, introduce an embedded application environment that allows software to run directly on the controller — enabling edge-based access decisions, IoT integrations, and advanced automation without relying on a central server. LP series controllers are also supported with firmware updates (including the MercOS platform) through 2028, giving organisations a clear runway for their existing investments.
Broad software compatibility. The Mercury controller ecosystem is supported by a wide range of open-platform software providers, including Genetec Security Center, LenelS2, Avigilon, Schneider Electric's EcoStruxure Access Expert, Maxxess eFusion, and many others. This competitive landscape works in your favour as an end customer.
In short: the controller is not holding you back. Keeping it is not a compromise — it is the strategically correct decision.
Audit before you commit. The quality of your assessment in Phase 1 determines the quality of everything that follows. Invest the time to build an accurate picture of your environment before selecting a platform or setting a go-live date.
Engage your IT team early. Open-platform software runs on your network and integrates with your identity directory. IT needs to be a partner in the migration, not an afterthought. Involve them in network planning, firewall rules, certificate management, and integration architecture from the start.
Test cardholder data imports thoroughly. Access level errors discovered after go-live are a security risk. Import data into a test environment, validate it against your existing system, and get sign-off from your security operations team before the live cutover.
Train staff before go-live, not after. Security operators who are unfamiliar with the new interface on day one will make mistakes. Build training time into the migration schedule.
Document your configuration. As you set up access levels, door schedules, and integrations in the new platform, document the decisions you make. This is invaluable for future changes, audits, and onboarding new team members.
Choose a phased approach for high-criticality sites. Headquarters buildings, data centres, and sites with sensitive operations should be migrated last and with the most conservative change management process.
Don't skip the parallel-run period. The temptation to cut over quickly is real, especially if the old system is causing pain. Resist it. Running old and new systems in parallel on a pilot site for even two weeks catches a significant proportion of configuration errors before they affect your entire estate.
Don't underestimate integration complexity. Connecting to video systems, HR platforms, and visitor management tools takes more time than connecting controllers. Budget for this in your project timeline.
Don't ignore the end user experience. Access control affects every person who enters your buildings. Changes to credential formats, access scheduling, or door behaviour will generate support calls. Communicate proactively with employees about what's changing and when.
Don't treat migration as a one-time project. The transition to an open platform creates an ongoing capability: the ability to add integrations, expand to new sites, and adopt new features as your organisation evolves. Build the internal knowledge to maintain and extend the system over time.
Don't select a platform based solely on price. The cheapest open-platform software may not offer the Mercury integration depth, the integration ecosystem, or the support model your organisation needs. Evaluate on total cost of ownership over five years, not licence cost alone.
The security technology landscape has shifted. The era of bundled, proprietary systems that hold your hardware and your data hostage is giving way to open, interoperable platforms that put the end customer back in control.
If your organisation runs Mercury controllers, you are already on the right foundation. The hardware is reliable, widely supported, and built for exactly this kind of software-layer modernisation. What you need is not new hardware — it is a software platform that can unlock the full capability of what you already own: unified management across access control, video, and building systems; seamless integrations with your IT environment; advanced analytics and reporting; and the freedom to choose your technology partners based on merit rather than lock-in.
The path forward is a phased, structured migration — one site at a time, one system at a time — that keeps your operations running continuously and your controllers exactly where they are.
The organisations that will define the next decade of physical security aren't the ones that spend the most on hardware. They're the ones that build flexible, open infrastructure that can evolve as their needs change.
Your Mercury controllers are ready. The question is whether your software is.
Ready to take control of your access control roadmap? Book a Migration Consultation with Wavestore today. We will evaluate your Mercury hardware and build a clear path to WaveFusion — the unified intelligence platform that gives you cloud-first visibility without giving up edge independence.
Solutions for a world we can't yet see. Discover v6.46 features helping people and businesses.
